What is cyber espionage? A complete guide
Cyber espionage may sound like something taken straight out of the newest techno thriller, but reality proves to be much stranger than fiction. A single successful cyberattack can score a hit that organizations never recover from. But who benefits from cyber espionage? And, more importantly, what can you do to stop it?
What is cyber espionage?
Cyber espionage covers a wide range of cyberattacks, from hiding malware in phishing emails to blackmailing key personnel by exploiting stolen personal information.
Cyber espionage should not be confused with cyberstalking, which involves spying on someone to control or harass the victim.
Cyber spying has resulted in an arms race between the cybersecurity industry and various threat actors. In the past, simple firewalls and consumer-grade antivirus software were deemed enough to protect an organization from cyberspies; today, sensitive information is kept in secure databases and on private cloud storage, with teams of cybersecurity experts ready to respond at a moment’s notice if a breach is detected.
What are the reasons for using cyber spying?
Cyber spying is used for much the same reason real spies have been employed throughout history — to gather intelligence on and sabotage rivals. Illegal cloak-and-dagger operations have been a part of politics for centuries. The advent of computers and the internet has simply pushed spying into digital space.
It’s not just governments spying on each other, either. Corporate espionage – the theft of a company’s secrets – has grown ever more sophisticated and effective. Stolen data can be incredibly valuable (plans for revolutionary technology) or very damaging to the victim (proof of illegal dealings).
Targets of cyber espionage
Cyber espionage targets valuable data in possession of government agencies, research laboratories, academic institutions, and major corporations. In particular, cyberspies consider the following information to be worth targeting:
- Research and development. Competing nations may want to steal research data from public institutions to get the fruits of the labor without any effort, to sabotage their rivals’ efforts, or to simply learn what the other countries are focusing on.
- Academic research. Some studies carried out by top-level academic institutions like the Massachusetts Institute of Technology are classified by national governments or sponsoring corporations, so their data becomes a lucrative target for competing players.
- Military intelligence. Both warmongers and peaceful countries desire information on other nations’ troop movements, weapon developments, and planned military action.
- Diplomatic data. Diplomatic communiques contain privileged information that frequently involves the highest echelons of government. Successful cyber espionage attacks may result in the hacker obtaining blackmail material or causing an international incident.
- Political information. Politicians or sympathetic hackers may conduct cyber espionage on their opponents to unearth their dirty laundry, read staff instructions, and identify potential opportunities for sabotage.
- Intellectual property. Developing new designs is costly, so companies fold the costs of research into the final price of the product — but if you can simply steal the research data, you can enjoy higher profit margins without any work.
- Sensitive business information. Information like salary ranges, payment structures, investments, or client lists may give others what they need to successfully poach customers or employees from the targeted corporation.
Forms of cyber espionage
Cyber espionage comes in many forms — the tactics that perpetrators use depend heavily on what they’re after and what cybersecurity measures they have to deal with. The following methods are frequently employed by cyberspies to infiltrate institutions and steal data.
Malware and viruses
An attacker can use malware to exploit weaknesses in a system, track activity on a device, and spy on a user’s passwords. From social engineering attacks (like spear phishing emails) to malvertising redirects, cyberspies will use any means they can to plant malware on a device and gain access to its data.
Attacking unsecured devices
Hackers may target the personal and work devices of the staff to access a larger network. With an increasing number of remote workers relying on unsecured Wi-Fi hotspots outside of the office, it’s no challenge for an attacker to hack the connection and spy on their activity.
Cracking passwords
Most people choose simple passwords that can be cracked in just a few seconds. If a hacker cracks the right account, they could quickly ransack it for information or use it as a staging ground for further attacks. Strong passwords are paramount.
Direct hacking
Hackers can also attack databases, cloud storage, and internal systems directly. This risk becomes much more serious when a business is slow to update its software. If an organization or its employees forget to regularly download the latest security patches for their operating systems, they leave themselves vulnerable to extortion and spying.
Insider threats
Insider threats refer to cyberattacks carried out by people inside the victim’s own organization. Instead of trying to find their way around robust cybersecurity measures, cyberspies may opt to convert an employee to steal data or install malware on the target system. Some disgruntled employees may even volunteer sensitive data out of spite.
Cyber espionage cases
Despite its prevalence, relatively few cyber espionage cases make the news — cyberspies work in secret, rarely advertising their activities. Here are four famous cyber espionage cases that managed to make it to the public eye.
Operation Aurora
In 2010, a wide-ranging cyber espionage operation was launched against over 20 different corporations, including tech giants like Google and Yahoo. Although the organization behind the case – dubbed Operation Aurora – was never officially identified, it’s widely believed that China was to blame. The cyberspies used weak spots in Internet Explorer to hack user accounts and steal swathes of intellectual property, in a pattern that has been repeated many times since.
Operation Shady RAT
2006 saw one of the most extensive examples of cyber espionage to date. Using malware delivered through email links – referred to as RATs – spies targeted 70 separate organizations. Among them were the United Nations and the International Olympic Committee. Huge amounts of sensitive data were stolen, and while the culprits are still unknown, it’s telling that China was the only southeast Asian country where no attacks occurred.
The GhostNet Mystery
Another high-profile cyber espionage case surfaced in 2009, with the discovery of GhostNet. By the time they were noticed, this mysterious network of cyberspies had already targeted over a thousand devices across the globe. From Germany to South Korea, embassies, government offices, and high-ranking officials had their files stolen. To this day, we still don’t know for certain who was behind GhostNet.
How to detect cyber espionage
Due to the clandestine nature of cyber espionage, detecting unauthorized intrusion into your system is a challenging task. Nevertheless, being vigilant and employing robust cybersecurity measures may allow you to catch cyberspies in the act.
- Monitoring systems. Sophisticated cyberattacks like advanced persistent threats are often executed in phases — the attackers must first get a foothold in the target system, install the required tools, and sniff out valuable data. Noticing aberrant behavior during this time lets you deploy cybersecurity tools against the attack.
- Monitoring networks. To cyberspies, infiltrated networks are like vast, unexplored labyrinths — they must carefully make their way from system to system until they find the data they seek. Wary administrators may notice unusual movement or access requests in their network, alerting them to the possibility of a cyberattack.
- Using intrusion detection systems (IDS). As the name suggests, IDS tools are designed to detect and respond to unauthorized access attempts. IDS uses multiple techniques to identify intrusion, including detailed analysis of network packets, log files, and system events.
- Implementing security information and event management (SIEM). SIEM systems continuously monitor security events and detect threats as they occur. They consolidate log and event data from multiple sources (including firewalls, antivirus software, and intrusion detection systems) and immediately alert security professionals to suspicious activities.
- Counter-espionage. Just like in real life, the best warning against cyber espionage attempts comes from your own cyberspies embedded in the attacker’s organization. These operatives may reveal planned attack dates and vectors, or inform cybersecurity professionals about attacks already in progress.
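As an added illustration of the log consolidation and anomaly spotting described above (this is example code, not part of the original article), the following Python sketch correlates constructed authentication and firewall events to flag a password that was guessed after repeated failures and a host that then fans out across the internal network. Hostnames, usernames and thresholds are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, already normalized the way a SIEM would after
# consolidating authentication and firewall logs:
# (timestamp, log source, source host, destination host, action, user)
EVENTS = [
    ("2024-03-01T09:00:01", "auth", "ws-17", "fileserver", "login_failed", "jdoe"),
    ("2024-03-01T09:00:03", "auth", "ws-17", "fileserver", "login_failed", "jdoe"),
    ("2024-03-01T09:00:05", "auth", "ws-17", "fileserver", "login_failed", "jdoe"),
    ("2024-03-01T09:00:09", "auth", "ws-17", "fileserver", "login_ok", "jdoe"),
    ("2024-03-01T09:02:00", "firewall", "ws-17", "db-01", "smb_connect", ""),
    ("2024-03-01T09:02:10", "firewall", "ws-17", "hr-share", "smb_connect", ""),
    ("2024-03-01T09:02:20", "firewall", "ws-17", "finance-01", "smb_connect", ""),
    ("2024-03-01T09:02:30", "firewall", "ws-17", "dc-01", "smb_connect", ""),
    ("2024-03-01T09:30:00", "auth", "ws-42", "fileserver", "login_ok", "asmith"),
    ("2024-03-01T09:31:00", "firewall", "ws-42", "fileserver", "smb_connect", ""),
]

def parse(raw):
    return [(datetime.fromisoformat(t), src, s, d, a, u) for t, src, s, d, a, u in raw]

def detect_password_guessing(events, failures=3, window=timedelta(minutes=2)):
    """Flag >= `failures` failed logins followed by a success within `window`."""
    alerts, fails = [], defaultdict(list)
    for ts, _, src, dst, action, user in events:
        key = (src, dst, user)
        if action == "login_failed":
            fails[key].append(ts)
        elif action == "login_ok":
            recent = [t for t in fails[key] if ts - t <= window]
            if len(recent) >= failures:
                alerts.append(("password_guessing", src, dst, user, len(recent)))
            fails[key].clear()
    return alerts

def detect_fan_out(events, max_hosts=3, window=timedelta(minutes=5)):
    """Flag a source reaching more than `max_hosts` distinct hosts within `window`."""
    alerts, seen = [], defaultdict(list)  # src -> [(ts, dst)] inside the window
    for ts, source, src, dst, _, _ in events:
        if source != "firewall":
            continue
        seen[src] = [(t, d) for t, d in seen[src] if ts - t <= window] + [(ts, dst)]
        hosts = {d for _, d in seen[src]}
        if len(hosts) > max_hosts:
            alerts.append(("lateral_fan_out", src, len(hosts)))
            seen[src].clear()  # report once per burst, not on every further connection
    return alerts

def correlate(raw=EVENTS):
    events = parse(raw)
    return detect_password_guessing(events) + detect_fan_out(events)
```

Both rules fire on the same workstation in the sample, which is the kind of chained signal (a foothold, then exploration) a SIEM is meant to surface.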
How to prevent cyber espionage
Despite the growing sophistication of cyber espionage strategies, there are still actionable ways for companies to protect their data. Here are six steps that you can take today to limit the risks.
Ensure that employees use a VPN
Make sure all your employees are using a reliable VPN. This service will encrypt the browsing data of a connected device, making it even harder for someone to access the company’s files through a single entry point. Rolling out NordLayer across employee hardware can limit the damage of a hack and improve secure communication channels within the network.
Implement an endpoint security system
Every connected device could pose a threat to your organization, from internal servers to employee phones. Competitors can exploit an unsecured endpoint to gain access to password protected data elsewhere within the company. It’s crucial to know how and why to implement a company-wide endpoint security system.
Use backup and encryption
Always back up your most sensitive data and keep it encrypted. This way, even if something happens to your main database, you’ll still have your backups. Encryption adds an additional layer of protection because even if someone manages to get their hands on your files, they won’t be able to read, corrupt, or sell them online. Try looking for a cloud storage provider that offers strong encryption as well – like NordLocker.
Keep software updated
When operating systems and software aren’t updated regularly, they can become vulnerable to attacks. Attackers may abuse known zero-day exploits or target flaws introduced by later patches. It’s an essential part of best practice to install all available security updates on any company hardware wherever it’s located.
Keep your databases segregated
A cyber espionage attack will always be more damaging if all of a company’s sensitive information is stored in one place. Keeping different datasets across a range of segregated digital storage spaces will limit how much a spy can steal in one operation. Even if a database or endpoint device is compromised, the damage can still be mitigated.
Password protection
With brute-forcing programs available online, it’s never been easier to crack a password. Employees should be made aware of the risks they run by using weak or duplicated login credentials for personal and work accounts. To buttress cybersecurity within an organization, invest in the NordPass password manager for all workers.